Security

Alpin's Commitment to Security

We help you secure your SaaS environment. That includes protecting your SaaS subscription and user data inside Alpin. We understand the sensitive and confidential nature of this information, and therefore, Alpin itself must be secure. We safeguard customer data through technologies, policies, and procedures expected by enterprise customers. This includes encryption, TLS, penetration testing, ISO 27001-certified partners, a least-privileged access model, and more.

Alpin is the latest product from the team that built Logrr — a cryptography-based identity and access management product for security-focused enterprises. This SSO + MFA product, like Alpin, was developed with security being paramount. Subjected to a four-week, four-person penetration test from one of the world’s largest financial institutions, Logrr earned a rare “green” report. Alpin continues that commitment to security.

Platform

Connection Security

Connections to Alpin employ Transport Layer Security (TLS) to protect and encrypt data communication. If you signed up for Alpin using your G Suite or Office 365 account, you will use OAuth 2.0 to access your account data. This open standard allows you to authorize Alpin to access your SaaS applications without sharing personal account credentials. Your passwords are never known, stored or shared with us. If you signed up for Alpin using an email address and password, we don’t store that password. Similarly, connections to SaaS applications integrated with Alpin use OAuth 2.0 or similar technologies to access those applications via APIs (application programming interfaces) that mean we never see your passwords.

Network Security

We take a “defense in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Our security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.

Vulnerability Testing

User Control

You authorize users who can access your organization’s data in Alpin. Such users must receive an invitation to join your Alpin instance, and access can be revoked at any time. Connecting to SaaS applications integrated with Alpin requires an enterprise admin with credentials for those applications to configure and approve each API connection.

Availability

We are committed to making Alpin consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Scalability

We designed Alpin to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and all of our other customers.

Practices

Data Access

We adhere to the principle of “least privilege,” and data is accessible only to authorized Alpin personnel as required to operate the service.

Confidentiality and Information Security

We require all employees and contractors to sign and abide by non-disclosure confidentiality agreements, and to comply with our information security policies. We include provisions in our Master Subscription Agreement and Privacy Policy to protect your information, prohibiting us from disclosing customer data without written consent, except where required by law.

Training

We provide training to all employees on our information security practices during their new hire orientation, with refresher courses given annually to keep staff current. As new threats emerge, or changes are made to our security practices, we communicate the changes and educates employees in a timely manner.

Privacy

Privacy Policy

Alpin’s Privacy Policy, which describes how we handle data input into Alpin, can be found at alpin.io/privacy.